From 8ef50832d3459d4eb35ecb4f116c580475acb59d Mon Sep 17 00:00:00 2001 From: chgl Date: Fri, 21 Jul 2023 16:26:10 +0200 Subject: [PATCH] Updated helm chart with additional config settings (#566) --- charts/hapi-fhir-jpaserver/Chart.yaml | 12 ++-- charts/hapi-fhir-jpaserver/README.md | 21 ++----- charts/hapi-fhir-jpaserver/README.md.gotmpl | 2 +- .../ci/extra-config-values.yaml | 17 ++++++ .../templates/application-config.yaml | 11 ++++ .../templates/deployment.yaml | 52 ++++++++--------- .../templates/tests/test-endpoints.yaml | 33 ++++------- charts/hapi-fhir-jpaserver/values.yaml | 58 ++++++++++++++++--- 8 files changed, 126 insertions(+), 80 deletions(-) create mode 100644 charts/hapi-fhir-jpaserver/ci/extra-config-values.yaml create mode 100644 charts/hapi-fhir-jpaserver/templates/application-config.yaml diff --git a/charts/hapi-fhir-jpaserver/Chart.yaml b/charts/hapi-fhir-jpaserver/Chart.yaml index 9fcd564..a81e108 100644 --- a/charts/hapi-fhir-jpaserver/Chart.yaml +++ b/charts/hapi-fhir-jpaserver/Chart.yaml @@ -11,15 +11,17 @@ dependencies: repository: oci://registry-1.docker.io/bitnamicharts condition: postgresql.enabled appVersion: 6.6.0 -version: 0.12.0 +version: 0.13.0 annotations: artifacthub.io/license: Apache-2.0 artifacthub.io/changes: | # When using the list of objects option the valid supported kinds are # added, changed, deprecated, removed, fixed, and security. + - kind: added + description: allow specifying application properties via yaml config + - kind: added + description: allow setting resource limits and requests for the Helm test pods - kind: changed - description: updated HAPI FHIR JPA Server app image version to v6.6.0 + description: updated curl used by helm tests to version to v8.2.0 - kind: changed - description: updated curl used by helm tests to version to v8.1.1 - - kind: changed - description: updated postgresql sub-chart to v12.5.6 + description: allow disabling the liveness-, readiness-, and startup-probes entirely diff --git a/charts/hapi-fhir-jpaserver/README.md b/charts/hapi-fhir-jpaserver/README.md index 179f68e..7d4d338 100644 --- a/charts/hapi-fhir-jpaserver/README.md +++ b/charts/hapi-fhir-jpaserver/README.md @@ -1,6 +1,6 @@ # HAPI FHIR JPA Server Starter Helm Chart -![Version: 0.12.0](https://img.shields.io/badge/Version-0.12.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 6.6.0](https://img.shields.io/badge/AppVersion-6.6.0-informational?style=flat-square) +![Version: 0.13.0](https://img.shields.io/badge/Version-0.13.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 6.6.0](https://img.shields.io/badge/AppVersion-6.6.0-informational?style=flat-square) This helm chart will help you install the HAPI FHIR JPA Server in a Kubernetes environment. @@ -30,6 +30,7 @@ helm install hapi-fhir-jpaserver hapifhir/hapi-fhir-jpaserver | externalDatabase.password | string | `""` | database password | | externalDatabase.port | int | `5432` | database port number | | externalDatabase.user | string | `"fhir"` | username for the external database | +| extraConfig | string | `""` | additional Spring Boot application config. Mounted as a file and automatically loaded by the application. | | extraEnv | list | `[]` | extra environment variables to set on the server container | | fullnameOverride | string | `""` | override the chart fullname | | image.pullPolicy | string | `"IfNotPresent"` | image pullPolicy to use | @@ -43,11 +44,6 @@ helm install hapi-fhir-jpaserver hapifhir/hapi-fhir-jpaserver | ingress.hosts[0].pathType | string | `"ImplementationSpecific"` | | | ingress.hosts[0].paths[0] | string | `"/"` | | | ingress.tls | list | `[]` | ingress TLS config | -| livenessProbe.failureThreshold | int | `5` | | -| livenessProbe.initialDelaySeconds | int | `30` | | -| livenessProbe.periodSeconds | int | `20` | | -| livenessProbe.successThreshold | int | `1` | | -| livenessProbe.timeoutSeconds | int | `30` | | | metrics.service.port | int | `8081` | | | metrics.serviceMonitor.additionalLabels | object | `{}` | additional labels to apply to the ServiceMonitor object, e.g. `release: prometheus` | | metrics.serviceMonitor.enabled | bool | `false` | if enabled, creates a ServiceMonitor instance for Prometheus Operator-based monitoring | @@ -65,11 +61,6 @@ helm install hapi-fhir-jpaserver hapifhir/hapi-fhir-jpaserver | postgresql.primary.containerSecurityContext.capabilities.drop[0] | string | `"ALL"` | | | postgresql.primary.containerSecurityContext.runAsNonRoot | bool | `true` | | | postgresql.primary.containerSecurityContext.seccompProfile.type | string | `"RuntimeDefault"` | | -| readinessProbe.failureThreshold | int | `5` | | -| readinessProbe.initialDelaySeconds | int | `30` | | -| readinessProbe.periodSeconds | int | `20` | | -| readinessProbe.successThreshold | int | `1` | | -| readinessProbe.timeoutSeconds | int | `20` | | | replicaCount | int | `1` | number of replicas to deploy | | resources | object | `{}` | configure the FHIR server's resource requests and limits | | securityContext.allowPrivilegeEscalation | bool | `false` | | @@ -82,18 +73,14 @@ helm install hapi-fhir-jpaserver hapifhir/hapi-fhir-jpaserver | securityContext.seccompProfile.type | string | `"RuntimeDefault"` | | | service.port | int | `8080` | port where the server will be exposed at | | service.type | string | `"ClusterIP"` | service type | -| startupProbe.failureThreshold | int | `10` | | -| startupProbe.initialDelaySeconds | int | `30` | | -| startupProbe.periodSeconds | int | `30` | | -| startupProbe.successThreshold | int | `1` | | -| startupProbe.timeoutSeconds | int | `30` | | +| tests.resources | object | `{}` | configure the test pods resource requests and limits | | tolerations | list | `[]` | pod tolerations | | topologySpreadConstraints | list | `[]` | pod topology spread configuration see: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#api | ## Development To update the Helm chart when a new version of the `hapiproject/hapi` image is released, [values.yaml](values.yaml) `image.tag` and the [Chart.yaml](Chart.yaml)'s -`version` and optionally the `appVersion` field on major releases need to be updated. Afterwards, re-generate the [README.md](README.md) +`version` and optionally the `appVersion` field need to be updated. Afterwards, re-generate the [README.md](README.md) by running: ```sh diff --git a/charts/hapi-fhir-jpaserver/README.md.gotmpl b/charts/hapi-fhir-jpaserver/README.md.gotmpl index bfe5146..4647395 100644 --- a/charts/hapi-fhir-jpaserver/README.md.gotmpl +++ b/charts/hapi-fhir-jpaserver/README.md.gotmpl @@ -18,7 +18,7 @@ helm install hapi-fhir-jpaserver hapifhir/hapi-fhir-jpaserver ## Development To update the Helm chart when a new version of the `hapiproject/hapi` image is released, [values.yaml](values.yaml) `image.tag` and the [Chart.yaml](Chart.yaml)'s -`version` and optionally the `appVersion` field on major releases need to be updated. Afterwards, re-generate the [README.md](README.md) +`version` and optionally the `appVersion` field need to be updated. Afterwards, re-generate the [README.md](README.md) by running: ```sh diff --git a/charts/hapi-fhir-jpaserver/ci/extra-config-values.yaml b/charts/hapi-fhir-jpaserver/ci/extra-config-values.yaml new file mode 100644 index 0000000..d2406ac --- /dev/null +++ b/charts/hapi-fhir-jpaserver/ci/extra-config-values.yaml @@ -0,0 +1,17 @@ +extraConfig: | + hapi: + fhir: + cr_enabled: true + tester: + home: + name: Hello HAPI FHIR + server_address: "http://fhir-server.127.0.0.1.nip.io/fhir" + refuse_to_fetch_third_party_urls: true + fhir_version: R4 + +ingress: + enabled: true + hosts: + - host: fhir-server.127.0.0.1.nip.io + pathType: ImplementationSpecific + paths: ["/"] diff --git a/charts/hapi-fhir-jpaserver/templates/application-config.yaml b/charts/hapi-fhir-jpaserver/templates/application-config.yaml new file mode 100644 index 0000000..e4df9ce --- /dev/null +++ b/charts/hapi-fhir-jpaserver/templates/application-config.yaml @@ -0,0 +1,11 @@ +{{- if .Values.extraConfig -}} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "hapi-fhir-jpaserver.fullname" . }}-application-config + labels: + {{- include "hapi-fhir-jpaserver.labels" . | nindent 4 }} +data: + application-extra.yaml: |- + {{ .Values.extraConfig | nindent 4 }} +{{- end }} diff --git a/charts/hapi-fhir-jpaserver/templates/deployment.yaml b/charts/hapi-fhir-jpaserver/templates/deployment.yaml index 227ac4f..c15609f 100644 --- a/charts/hapi-fhir-jpaserver/templates/deployment.yaml +++ b/charts/hapi-fhir-jpaserver/templates/deployment.yaml @@ -63,38 +63,17 @@ spec: - name: http-metrics containerPort: 8081 protocol: TCP - startupProbe: - httpGet: - path: /readyz - port: http {{- with .Values.startupProbe }} - initialDelaySeconds: {{ .initialDelaySeconds }} - periodSeconds: {{ .periodSeconds }} - timeoutSeconds: {{ .timeoutSeconds }} - successThreshold: {{ .successThreshold }} - failureThreshold: {{ .failureThreshold }} + startupProbe: + {{- toYaml . | nindent 12 }} {{- end }} - readinessProbe: - httpGet: - path: /readyz - port: http - {{- with .Values.readinessProbe }} - initialDelaySeconds: {{ .initialDelaySeconds }} - periodSeconds: {{ .periodSeconds }} - timeoutSeconds: {{ .timeoutSeconds }} - successThreshold: {{ .successThreshold }} - failureThreshold: {{ .failureThreshold }} - {{- end }} - livenessProbe: - httpGet: - path: /livez - port: http {{- with .Values.livenessProbe }} - initialDelaySeconds: {{ .initialDelaySeconds }} - periodSeconds: {{ .periodSeconds }} - timeoutSeconds: {{ .timeoutSeconds }} - successThreshold: {{ .successThreshold }} - failureThreshold: {{ .failureThreshold }} + livenessProbe: + {{- toYaml . | nindent 12 }} + {{- end }} + {{- with .Values.readinessProbe }} + readinessProbe: + {{- toYaml . | nindent 12 }} {{- end }} resources: {{- toYaml .Values.resources | nindent 12 }} @@ -118,6 +97,10 @@ spec: value: "true" - name: MANAGEMENT_SERVER_PORT value: "8081" + {{- if .Values.extraConfig }} + - name: SPRING_CONFIG_IMPORT + value: "/app/config/application-extra.yaml" + {{- end }} {{- if .Values.extraEnv }} {{ toYaml .Values.extraEnv | nindent 12 }} {{- end }} @@ -126,6 +109,12 @@ spec: name: tmp-volume - mountPath: /app/target name: lucenefiles-volume + {{- if .Values.extraConfig }} + - name: application-extra-config + mountPath: /app/config/application-extra.yaml + readOnly: true + subPath: application-extra.yaml + {{- end }} {{- with .Values.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} @@ -147,3 +136,8 @@ spec: emptyDir: {} - name: lucenefiles-volume emptyDir: {} + {{- if .Values.extraConfig }} + - name: application-extra-config + configMap: + name: {{ include "hapi-fhir-jpaserver.fullname" . }}-application-config + {{- end }} diff --git a/charts/hapi-fhir-jpaserver/templates/tests/test-endpoints.yaml b/charts/hapi-fhir-jpaserver/templates/tests/test-endpoints.yaml index 7171150..bd81c4a 100644 --- a/charts/hapi-fhir-jpaserver/templates/tests/test-endpoints.yaml +++ b/charts/hapi-fhir-jpaserver/templates/tests/test-endpoints.yaml @@ -11,20 +11,17 @@ spec: restartPolicy: Never containers: - name: test-metadata-endpoint - image: docker.io/curlimages/curl:8.1.2@sha256:ef501f5efa67be41da985b441bd63130ef39d4d6a4f9c035d737884357438b6c + image: "{{ .Values.curl.image.registry }}/{{ .Values.curl.image.repository }}:{{ .Values.curl.image.tag }}" command: ["curl", "--fail-with-body"] args: ["http://{{ include "hapi-fhir-jpaserver.fullname" . }}:{{ .Values.service.port }}/fhir/metadata?_summary=true"] {{- with .Values.restrictedContainerSecurityContext }} securityContext: {{- toYaml . | nindent 8 }} {{- end }} + {{- with .Values.tests.resources }} resources: - limits: - cpu: 100m - memory: 128Mi - requests: - cpu: 100m - memory: 128Mi + {{- toYaml . | nindent 8 }} + {{- end }} livenessProbe: exec: command: ["true"] @@ -32,20 +29,17 @@ spec: exec: command: ["true"] - name: test-patient-endpoint - image: docker.io/curlimages/curl:8.1.2@sha256:ef501f5efa67be41da985b441bd63130ef39d4d6a4f9c035d737884357438b6c + image: "{{ .Values.curl.image.registry }}/{{ .Values.curl.image.repository }}:{{ .Values.curl.image.tag }}" command: ["curl", "--fail-with-body"] args: ["http://{{ include "hapi-fhir-jpaserver.fullname" . }}:{{ .Values.service.port }}/fhir/Patient?_count=1&_summary=true"] {{- with .Values.restrictedContainerSecurityContext }} securityContext: {{- toYaml . | nindent 8 }} {{- end }} + {{- with .Values.tests.resources }} resources: - limits: - cpu: 100m - memory: 128Mi - requests: - cpu: 100m - memory: 128Mi + {{- toYaml . | nindent 8 }} + {{- end }} livenessProbe: exec: command: ["true"] @@ -53,20 +47,17 @@ spec: exec: command: ["true"] - name: test-metrics-endpoint - image: docker.io/curlimages/curl:8.1.2@sha256:ef501f5efa67be41da985b441bd63130ef39d4d6a4f9c035d737884357438b6c + image: "{{ .Values.curl.image.registry }}/{{ .Values.curl.image.repository }}:{{ .Values.curl.image.tag }}" command: ["curl", "--fail-with-body"] args: ["http://{{ include "hapi-fhir-jpaserver.fullname" . }}:{{ .Values.metrics.service.port }}/actuator/prometheus"] {{- with .Values.restrictedContainerSecurityContext }} securityContext: {{- toYaml . | nindent 8 }} {{- end }} + {{- with .Values.tests.resources }} resources: - limits: - cpu: 100m - memory: 128Mi - requests: - cpu: 100m - memory: 128Mi + {{- toYaml . | nindent 8 }} + {{- end }} livenessProbe: exec: command: ["true"] diff --git a/charts/hapi-fhir-jpaserver/values.yaml b/charts/hapi-fhir-jpaserver/values.yaml index 3349e1d..9e9c187 100644 --- a/charts/hapi-fhir-jpaserver/values.yaml +++ b/charts/hapi-fhir-jpaserver/values.yaml @@ -131,27 +131,42 @@ postgresql: seccompProfile: type: RuntimeDefault +# -- readiness probe +# @ignored readinessProbe: + httpGet: + path: /readyz + port: http failureThreshold: 5 initialDelaySeconds: 30 periodSeconds: 20 successThreshold: 1 timeoutSeconds: 20 -startupProbe: - failureThreshold: 10 - initialDelaySeconds: 30 - periodSeconds: 30 - successThreshold: 1 - timeoutSeconds: 30 - +# -- liveness probe +# @ignored livenessProbe: + httpGet: + path: /livez + port: http failureThreshold: 5 initialDelaySeconds: 30 periodSeconds: 20 successThreshold: 1 timeoutSeconds: 30 +# -- startup probe +# @ignored +startupProbe: + httpGet: + path: /readyz + port: http + failureThreshold: 10 + initialDelaySeconds: 30 + periodSeconds: 30 + successThreshold: 1 + timeoutSeconds: 30 + externalDatabase: # -- external database host used with `postgresql.enabled=false` host: localhost @@ -208,3 +223,32 @@ restrictedContainerSecurityContext: runAsGroup: 65534 seccompProfile: type: RuntimeDefault + +# @ignored +curl: + image: + registry: docker.io + repository: curlimages/curl + tag: 8.2.0@sha256:daf3f46a2639c1613b25e85c9ee4193af8a1d538f92483d67f9a3d7f21721827 + +tests: + # -- configure the test pods resource requests and limits + resources: {} + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + +# -- additional Spring Boot application config. Mounted as a file and automatically loaded by the application. +extraConfig: "" + # # For example: + # | + # hapi: + # fhir: + # implementationguides: + # gh_0_1_0: + # url: https://build.fhir.org/ig/hl7-eu/gravitate-health/package.tgz + # name: hl7.eu.fhir.gh + # version: 0.1.0